GOVERNMENT IT REPORT

Congress Backs Billions for Tech R&D Though Enactment Uncertain

The U.S. technology industry is guardedly supporting a massive legislative package designed to address a range of issues affecting the sector, including a federal commitment to add billions of dollars to government technology research and development programs.

The legislation, dubbed the U.S. Innovation and Competition Act (USICA), was approved June 8 by a rare bipartisan vote of 68-32 in the U.S. Senate.

A major factor driving the legislation is the contention that the U.S. has fallen behind China in a national effort to support technology development, including information technology and the digital economy. Sen. Todd Young, R-Ind., characterized the legislation as “a landmark bill to out-compete China in key emerging technology areas critical to our national security.”

Specific areas of focus in the bill include artificial intelligence, machine learning and other software advances; high performance computing, semiconductors, and advanced computer hardware; quantum computing and information systems; biotechnology, medical technology, genomics, and synthetic biology; cybersecurity, and energy innovation including battery technology.

Multiple Amendments

The package started out as the Endless Frontier Act, co-sponsored by Sen. Chuck Schumer, D-N.Y., and Sen. Young, among others. That bill was ambitious enough as first introduced in April. The bill focused on boosting funding for the National Science Foundation (NSF) including creation of a new NSF “Directorate for Technology.”

However, the bill attracted additional provisions during the legislative process, including some which were really complete stand-alone bills that were rolled into the final package, resulting in a 2,300-page proposal.

The legislation even includes the CHIPS for America program to provide $52 billion in federal support for domestic semiconductor development and production.

For companies involved in IT and the digital economy, an important part of the USICA bill deals with significantly boosting federal investments in technology through the National Science Foundation. Both the proposed funding levels and the government’s approach to managing those investments are critical issues requiring close attention for the IT sector.

Under the Senate USICA bill, NSF’s annual budget would nearly double to an average of $16 billion per year over five years from 2022 to 2026. The current fiscal 2021 budget is $8.5 billion. This huge boost in investment is largely related to funding a new NSF Directorate for Technology and Innovation at an average of nearly $6 billion annually from 2022 to 2026.

Private Sector Partnerships

Private sector IT and digital economy entities will be major beneficiaries of the new NSF directorate. The purpose of the directorate is to “strengthen U.S. leadership in critical technologies,” and to “accelerate technology commercialization.”

The legislation further provides that the proposed directorate should “direct basic and applied research, advanced technology development, and commercialization support in the key technology focus areas” listed in the bill. Through the directorate NSF is expected to form partnerships with other federal agencies as well as with “academia, the private sector, and nonprofit entities.”

The move to establishing closer ties between NSF and the private sector has raised concerns about the foundation’s traditional role of engaging in “pure” or basic research unfettered by commercial considerations.

Robert Atkinson, president of the Information Technology Innovation Foundation (ITIF), said that soon after the NSF directorate was proposed there was “pushback.” The scientific community, he noted, “resisted the idea that government would be asking them to do work related to a critical national mission, and to hold them accountable for ensuring that their work helped accomplish that mission.”

While ITIF supports the provisions in USICA which create the new NSF technology directorate, Atkinson told the E-Commerce Times that “an even more effective approach would be to establish such a directorate as a free-standing agency.”

A separate umbrella entity tuned in to the full range of federal technology activities would avoid any conflicts with the traditional missions of NSF and other agencies, while creating a national effort to support both government and commercial private sector technology development, he contends.

Atkinson favors the creation of a National Advanced Industry and Technology Agency, at the same size as NSF, to “analyze U.S. industry strengths, weaknesses, opportunities, and threats, and to respond with well-resourced solutions ranging from support for domestic research and development to production partnerships and investment in advanced research facilities.”

More than 50 other countries have established such agencies, he noted.

“It is clear that NSF and the science community are uneasy” with taking on applied science with commercial connections versus NSF’s traditional mission, Atkinson said, adding that NSF would “vastly prefer” just getting much larger appropriations.

“But that would do little to help U.S. technology-based competitiveness,” he said. Establishing a separate agency would let NSF continue its mission while enabling applied and industry focused research to be funded elsewhere, he observed.

Advocates, Opponents Take Positions

Whether the USICA package represents a comprehensive approach to developing a national technology capability through government intervention — or a confusing legislative hodgepodge — is likely to be in the eye of the beholder. Differences related to NSF’s future mission aren’t the only potential stumbling blocks affecting eventual enactment of the USICA legislation.

For example, the Computer and Communications Industry Association (CCIA) approved the major USICA goal of supporting increased federal investments for technology research and development, but found other parts of the bill “worrisome.”

One section of the bill deals with “Country of Origin Labeling” (COOL) requirements associated with the internet marketing of internationally sourced products. While COOL especially impacts the U.S. retail marketing sector, digital economy entities have concerns as well.

Arthur Sidney, vice-president of CCIA, noted that country of origin provisions in the bill present implementation challenges “given the volume of transactions and no consistent, uniform, and administrable definition” related to COO coverage. “Country of Origin in the international trade context is difficult to administer by customs and authorities, let alone a digital service,” he told the E-Commerce Times.

Sidney also expressed concern about the section of USICA aimed at curbing the use of censorship as a trade barrier tool. Language that would refer such activities to legal authorities for action was “scaled back” in the Senate bill, he contended. It was replaced by provisions which simply called for an annual report to Congress with a list of countries that use censorship as a barrier to digital trade and a description of the agencies’ efforts to address digital trade disruptions, he said.

While the U.S. Chamber of Commerce expressed general support for the bill in a June 9 statement, Neil Bradley, executive vice president and chief policy officer, said the Chamber had “ongoing concerns” about the bill. In a letter to the Senate in May, the Chamber advocated elimination of the Country of Origin section and expressed reservations about provisions that impact e-commerce such as “Cyber Shield, copyright, and information in the public domain.”

The Senate bill must now be considered by the House of Representatives where similar legislation was approved Monday. However, the House bill only focused on the research scope of NSF and the U.S. Department of Energy. The House bill also includes a new NSF technology solutions directorate but funded at a much lower level than the Senate version.

The ultimate outcome for USICA could take several paths. Since amendments to the Senate bill were added with relative ease, they could be scuttled just as easily, allowing the core NSF and national technology investment elements to be the focus for legislators. Or the collective controversies associated with the different versions of the legislation could stymie adoption.

Regarding chances for enactment of USICA, CCIA’s Sidney noted “We aren’t sanguine, but we are hopeful that this will see the light of day. While it’s not perfect, and we have some concerns, we are hopeful that it can help businesses, and serve as one of the building blocks to protect U.S. innovation and technology.”

John K. Higgins has been an ECT News Network reporter since 2009. His main areas of focus are U.S. government technology issues such as IT contracting, cybersecurity, privacy, cloud technology, big data and e-commerce regulation. As a freelance journalist and career business writer, he has written for numerous publications, including The Corps Report and Business Week.


Open Source Leaders Push WH for Security Action

A first-of-its-kind plan to broadly address open source and software supply chain security is waiting for White House support.

The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together over 90 executives from 37 companies and government leaders from the NSC, ONCD, CISA, NIST, DOE, and OMB on Thursday to reach a consensus on key actions to take to improve the resiliency and security of open-source software.

A subset of participating organizations has collectively pledged an initial tranche of funding towards the implementation of the plan. Those companies are Amazon, Ericsson, Google, Intel, Microsoft, and VMware, pledging over $30 million. As the plan evolves further, more funding will be identified and work will begin as individual streams are agreed upon.

Open Source Software Security Summit II is a follow-up to the first Summit held in January, led by the White House’s National Security Council. That meeting, convened by the Linux Foundation and OpenSSF, came on the one-year anniversary of President Biden’s Executive Order on Improving the Nation’s Cybersecurity.

As part of this second White House Open Source Security Summit, open source leaders called on the software industry to standardize on the Sigstore developer tools and support a 10-point plan to upgrade open source’s collective cybersecurity resilience and improve trust in software itself, according to Dan Lorenc, CEO and co-founder of Chainguard, co-creator of Sigstore.

“On the one year anniversary of President Biden’s executive order, today we are here to respond with a plan that is actionable, because open source is a critical component of our national security, and it is fundamental to billions of dollars being invested in software innovation today,” announced Jim Zemlin, executive director of the Linux Foundation, during his organization’s press conference on Thursday.

Pushing the Support Envelope

Most major software packages contain elements of open source software, including code used by the national security community and critical infrastructure. Open-source software supports billions of dollars in innovation but also carries with it unique challenges for managing cybersecurity across its software supply chains.

“This plan represents our unified voice and our common call to action. The most important task ahead of us is leadership,” said Zemlin. “This is the first time I have seen a plan and industry will to foster a plan that will work.”

The Summit II plan outlines approximately $150 million of funding over two years to rapidly advance well-vetted solutions to the 10 major problems the plan identifies. The 10 streams of investment include concrete action steps for both more immediate improvements and building strong foundations for a more secure future.

“What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it. The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action,” said Brian Behlendorf, executive director of Open Source Security Foundation.

Open Source Software Security Summit II in Washington D.C., May 12, 2022. [L/R] Sarah Novotny, Open Source Lead at Microsoft; Jamie Thomas, Enterprise Security Executive at IBM; Brian Behlendorf, executive director of Open Source Security Foundation; Jim Zemlin, executive director of The Linux Foundation.


Highlighting the Plan

The proposed plan is founded on three primary goals:

  • Securing open source security production
  • Improving vulnerability discovery and remediation
  • Shortening ecosystem patching response time

The full plan contains elements to achieve those goals. They include security education that delivers a baseline for software development education and certification. Another element is to establish a public, vendor-neutral objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.

The plan proposes the adoption of digital signatures on software releases and establishing the OpenSSF Open Source Security Incident Response Team to assist open source projects during critical times when responding to a vulnerability.

Another plan detail focuses on better code scanning to accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.

Third-party code audits, along with any necessary remediation work, would cover up to 200 of the most-critical OSS components once per year.

Coordinated data sharing industry wide would improve the research that helps determine the most critical OSS components. Providing Software Bill of Materials (SBOM) everywhere would improve tooling and training to drive adoption and provide build systems, package managers, and distribution systems with better supply chain security tools and best practices.

The Storehouse Factor

Chainguard, who co-created the Sigstore repository, is committing financial resources towards the public infrastructure and network proposed by OpenSSF and will collaborate with industry peers to deepen work on interoperability to ensure Sigstore’s impact is felt across the software supply chain and every corner of the software ecosystem. This commitment includes a minimum of $1 million a year in support of Sigstore and a pledge to run it on its own node.

Designed and built with maintainers for maintainers, it has already been widely adopted by millions of developers worldwide. Now is the time to formalize its role as the de facto standard for digital signatures in software development, said Lorenc.

“We know the importance of interoperability in increasing adoption of these critical tools because of our work on the SLSA Framework and SBOM. Interoperability is the linchpin in securing software throughout the supply chain,” he said.

Related Support

Google on Thursday announced that it is creating an “open-source maintenance crew” tasked with improving the security of critical open-source projects.

Google also unveiled Google Cloud Dataset and Open-Source Insights projects to help developers better understand the structure and security of the software they use.

“This dataset provides access to critical software supply chain information for developers, maintainers and consumers of open-source software,” according to Google.

“Security risks will continue to span all software companies and open-source projects and only an industry-wide commitment involving a global community of developers, governments, and businesses can make real progress. Google will continue to play our part to make an impact,” said Eric Brewer, vice president of infrastructure at Google Cloud and Google Fellow, at the security summit conference.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.


New EU Law Will Force Google, Meta, Others To Expose Algorithms

The content of large tech companies, like Google and Meta, will be more tightly regulated under a new European Union law that received provisional approval Saturday.

Among the provisions of the Digital Services Act approved in an agreement between the European Council and European Parliament are transparency measures on the algorithms used by online platforms and services to recommend content and products to users.

“Platforms should be transparent about their content moderation decisions, prevent dangerous disinformation from going viral and avoid unsafe products being offered on market places,” Executive Vice-President for a Europe Fit for the Digital Age Margrethe Vestager said in a statement.

“With today’s agreement we ensure that platforms are held accountable for the risks their services can pose to society and citizens,” she added.

However, Daniel Castro, vice president of the Information Technology & Innovation Foundation, a research and public policy organization in Washington, D.C., noted that it remains to be seen exactly how the EU will implement some of the new law’s requirements.

“It’s possible that companies like Google and Meta are already meeting the DSA’s transparency requirements for ‘recommender systems’ under their existing disclosures to users,” he told TechNewsWorld.

“And these companies have also made progress in the past few years in terms of better explaining to users how they use their information and how their platforms work, such as ad transparency and ad library,” he added.

Focus on Big Tech

European Commission President Ursula von der Leyen explained in a statement that the DSA will upgrade the ground rules for all online services in the EU.

“It will ensure that the online environment remains a safe space, safeguarding freedom of expression and opportunities for digital businesses,” she said. “It gives practical effect to the principle that what is illegal offline, should be illegal online. The greater the size, the greater the responsibilities of online platforms.”

According to the European Council, the obligations introduced in the new law are proportionate to the nature of the services concerned and tailored to the number of users. Very large online platforms and very large online search engines — defined as services with more than 45 million active monthly users — will be subject to more stringent requirements.

To safeguard the development of start-ups and smaller enterprises in the internal market, the council continued, micro and small enterprises with under 45 million monthly active users in the EU will be exempted from certain new obligations.

“With the DSA, the time of big online platforms behaving like they are ‘too big to care’ is coming to an end,” Commissioner for the Internal Market Thierry Breton said in a statement.

Castro, though, maintained that the EU is making a mistake by focusing so much on the largest tech companies. “Smaller firms have a significant impact on consumers as well, and the largest companies are often the ones with the most resources and commitment to addressing harms,” he said.

Drag on Innovation?

Google did not immediately respond to a request for comment for this story, but in a blog written by Karan Bhatia, vice president for global public affairs and government relations, posted in October, the company warned, “While we support the ambition of the DSA to create clear rules for the next 20 years that support economic growth, we worry that the new rules may instead slow economic recovery.”

“They would prevent global technology companies like Google from building innovative digital tools like the ones that people have used through lockdown — and that will help European businesses rebuild their operations,” Bhatia wrote. “That would be a missed opportunity for Europe as it looks to the post-Covid future.”

In addition to algorithm transparency, other provisions empowering users and society include:

  • The possibility to challenge platforms’ content moderation decisions and seek redress, either via an out-of-court dispute mechanism or judicial redress; and
  • Access to vetted researchers to the key data of the largest platforms and provision of access to NGOs to public data to provide more insight into how online risks evolve.

Explosion of Public Scrutiny

“Even more impactful than making more information transparent about their algorithms is going to be the researcher data access provision,” observed Alex Engler, a fellow at the Brookings Institution, a nonprofit public policy organization in Washington, D.C.

“There’s only so much you can learn by telling people something broad about a complicated issue as the interaction between an algorithm and millions of people who use it on a daily basis, but when you let professional researchers study all of that, they can come away with much more nuanced, specific understanding of what’s going on,” he told TechNewsWorld.

“Did a policy change lead to more disinformation? What are the mental health impacts of using social media?” he asked. “In those areas, we’ll see the most public scrutiny into large online platforms that the world has ever seen. Without any doubt, this will fundamentally change the level of public knowledge about these platforms.”

He explained that the DSA requires independent groups to validate what the companies are saying. “That gives them a lot less room to completely manipulate and hide the harms on their platforms,” he said.

He discounted concerns about the harm that opening algorithms to the public could have on the companies’ competitive edge.

“The competitive advantage of these companies comes more from their user base than the algorithms themselves,” he contended. “Facebook could tell me exactly how their algorithm works, and I wouldn’t be able to replicate the site because I don’t have billions of people coming to my website every day.”

Not Leaving EU

“The DSA is a significant piece of legislation, but it is unlikely to dramatically change the internet,” Castro noted.

“It imposes a number of new obligations on large online platforms, however, none of the rules are so onerous that large tech companies will leave the European market,” he added.

“A 450 million person market among the wealthiest countries in the world?” Engler asked. “I think the tech companies will comply with the new law.”

“These requirements are not so invasive that these companies won’t be able to make money anymore,” he said, “so I would be very surprised to see them leave.”

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
